PAOGA - Privacy & Trust in the Digital Age

January 31, 2011

The Information Commissioner, Christopher Graham, supported by Lord McNally, Minister of State at the Ministry of Justice, is right to recognise the urgency of this issue, but 'understanding the law and your rights' alone is not sufficient if those rights are unenforceable.

According to research by Privacy International and Virtual Identity and Privacy Research Center, Switzerland, the Personal Information of a European Citizen is currently stored in over 1,000 data silos around the world. This is not the data that you have shared willingly in exchange for a product or service - this is the result of your data being stolen, harvested and sold without your knowledge, let alone your permission. It is this 'hijacked' data which is the source of spam (85% of internet traffic), phishing and fraud. How on earth do you submit a Subject Access Request to view, correct, update or delete such information when you don't know where it is?

It is imperative that an individual has the ability to impose their Terms & Conditions, their EULA, when forming an online relationship with a supplier (private or public). These Ts&Cs could comprise such conditions as:

to be encrypted during transmission and storage,

not to be shared with any third party without my express permission,

to allow access to data held about me at all times to view or request correction and deletion as appropriate,

to inform me of any data breach immediately.

The supplier would have to 'sign' my Ts&Cs before my Personal Information is revealed, and a unique email address could be used for each supplier so that the source of any breach is immediately identifiable and accountable.
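The unique-address idea above, as an added example (not PAOGA's code or any product's API): each supplier is given an address carrying an HMAC tag over its name, so an address that later receives spam or phishing can be traced to the supplier it was issued to, and a guessed or altered address is rejected. The domain, key and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions (not from the original post): the individual controls a
# catch-all mail domain and holds one secret key. Both values are constructed.
ALIAS_DOMAIN = "mail.example.org"
OWNER_KEY = b"constructed-demo-key-not-for-real-use"
TAG_LEN = 10  # hex characters of the HMAC kept in the address (40 bits)


def _tag(supplier_id: str) -> str:
    mac = hmac.new(OWNER_KEY, supplier_id.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def normalise(supplier: str) -> str:
    """Lower-case the name and keep only ASCII letters and digits, joined by '-'."""
    s = "".join(c if c.isascii() and c.isalnum() else "-"
                for c in supplier.strip().lower())
    return "-".join(part for part in s.split("-") if part)


def alias_for(supplier: str) -> str:
    """Address to hand to exactly one supplier when the relationship is formed."""
    sid = normalise(supplier)
    if not sid:
        raise ValueError("supplier name has no usable characters")
    return f"{sid}.{_tag(sid)}@{ALIAS_DOMAIN}"


def attribute(address: str):
    """Return the supplier an address was issued to, or None when the address
    was not issued by the key holder (guessed, altered, or wrong domain)."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != ALIAS_DOMAIN:
        return None
    sid, _, tag = local.rpartition(".")
    # Constant-time comparison on bytes; a forged tag never matches.
    if not sid or not hmac.compare_digest(tag.encode(), _tag(sid).encode()):
        return None
    return sid
```

Mail arriving at an address for which `attribute` returns a supplier name, but sent by anyone else, points to that supplier as the place the address left the relationship.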

PAOGA are developing the very tools and services to empower individuals who are concerned about their privacy, leading to Trusted Relationship Management in which the 'subject' is an equal partner.

"If new regulations based on the FTC and Department of Commerce guidelines are adopted, it will change the way consumers and companies experience the web. Consumers will have access to clear notices about their data and will have the ability to proactively decide how it’s used, but these developments may frustrate them if it slows their online transactions. Companies will have to make investments in infrastructure to comply with new training, encryption and storage requirements, and to comply with an entirely new regulatory scheme in an area that has been largely un-regulated in the past."

The problem is that 'law' is a blunt instrument that, by definition, assumes a 'one size fits all' policy. I prefer 'choice' by which individuals, in their multiple roles as citizen, consumer, patient, student, employee, friend, etc., can choose to set and manage policies regarding their personal information that suit them subject to the context of the communication or transaction and the level of trust in the relationship with the other party - be it an individual, business or government.

Trusted Relationship Management enables those individuals who care about their privacy to manage and take responsibility for their relationships, providing them with increased security and peace of mind whilst reducing the costs and risks of their suppliers.